We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=ZxkXfccgKvI

Project Glasswing found a 27-year-old zero-day in OpenBSD. Autonomously.

The finding problem just got solved. The remediation problem just got harder.

Industry average MTTR for a critical CVE: 60+ days. More CVEs, same infrastructure. Do the math.

https://www.activestate.com/blog/project-glasswing-open-source-remediation-infrastructure/?utm_source=linkedin&utm_medium=organic_social&utm_campaign=fy26_q1_curated-catalog

#ProjectGlasswing #OpenSourceSecurity

Securing the container was never the whole answer. The application dependencies inside it were always the risk.

In 2026, that gap has a name and a price tag.

https://www.linkedin.com/pulse/view-from-trenches-why-software-supply-chain-still-liability-7qrme/

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

5 reasons your open source software strategy is a personal liability in 2026.
AI code volume broke the scan-and-pray model. Here's what's left exposed.

https://medium.com/@ActiveState_ASPM/the-five-horsemen-of-the-ai-code-apocalypse-why-your-current-open-source-software-strategy-is-a-78f5b7efe162

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

The Five Horsemen of the AI Code Apocalypse: Why Your Current Open Source Software Strategy is a…

The era of human scale development is over. In 2026, the velocity of synthetic code generation has turned the software supply chain into a…


Malware Poisons Open Source Tools in Dual Supply Chain Attacks

Imagine trusting a tool, only to have it secretly turned against you - that's what happened in March when two massive supply chain attacks infected popular open source tools with malware, putting tens of thousands of organizations at risk. The full extent of the damage may not be known for months, but one thing is…

https://osintsights.com/malware-poisons-open-source-tools-in-dual-supply-chain-attacks?utm_source=mastodon&utm_medium=social

#SupplyChainAttacks #OpenSourceSecurity #MalwareOperations #EmergingThreats #NationState


AI pulls open source dependencies faster than humans can vet them. The perimeter was never the problem.

The ingredients were.

We broke down where application layer security actually stands in 2026.

https://substack.com/home/post/p-193372464

#OpenSourceSecurity #SoftwareSupplyChain #CyberSecurity

The Illusion of the Clean Perimeter

The modern software development lifecycle is no longer operating at human scale.

We're LIVE! Join the Anchore Open Source team now to discuss Syft, Grype, and the latest in #OpenSourceSecurity. Ask your questions! https://www.youtube.com/watch?v=204PIweyiTA
🐱‍💻 Oh, Astral's here to save us all from the horrors of open source security, one blog post at a time. Because, clearly, a company that "builds tools" for "millions" will tame the wild world of supply chain attacks with just a sprinkle of their secret sauce. 🥄✨
https://astral.sh/blog/open-source-security-at-astral #OpenSourceSecurity #AstralSupplyChain #CybersecurityBlog #SupplyChainAttacks #TechInnovation #HackerNews #ngated
Open source security at Astral

Insights and guidance from our engineering team on how Astral secures its tools.